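<?php
/**
 * Back-office request dispatcher.
 *
 * One `action` (taken from POST, else GET) selects a case that reads request
 * fields, runs a statement on the ext/mysql connection `$link` opened by
 * ../config.ini.php, and answers with JSON, `<option>` markup, a redirect to
 * index.php, or just a status code.
 *
 * Every request value reaches SQL only through db_escape() and every
 * statement runs through db_query(), which turns a driver error into a 500
 * instead of leaving it silent. Everything except `ob-login` requires an
 * established back-office session (require_login()); pages that must stay
 * public cannot route through this script.
 *
 * Limits of the stack this file targets (ext/mysql, PHP 5 era): ext/mysql has
 * no parameterised statements, hence escaping rather than binding; passwords
 * are hashed by MySQL's PASSWORD() because the stored rows depend on it, so a
 * move to password_hash() needs a schema migration; the state-changing cases
 * carry no CSRF token, which the form side would have to supply.
 */
session_start();
require '../config.ini.php'; // provides $link (ext/mysql connection) — nothing else from it is used here

/** Charset for HTML-escaping DB text; assumed to match the page encoding — confirm against the page's <meta charset>. */
$HTML_CHARSET = 'UTF-8';

/**
 * food table columns (foodid excluded) -> index into the posted `fields` array.
 * Index 3 maps to foodcc and 2 to foodunit; that is how the original INSERT and
 * UPDATE read the form, so the mapping is kept verbatim.
 */
$FOOD_FIELD_INDEX = array(
    'foodname' => 0, 'foodcategoryid' => 1, 'foodcc' => 3, 'foodunit' => 2,
    'totalcallory' => 4, 'fatcallory' => 5, 'totalfat' => 6, 'saturatedfat' => 7,
    'cholestoral' => 8, 'protein' => 9, 'carbohydrate' => 10, 'dietaryfiber' => 11,
    'vitamina' => 12, 'thiamin' => 13, 'riboflavin' => 14, 'niacin' => 15,
    'vitaminb6' => 16, 'folicacid' => 17, 'biotin' => 18, 'panlothenicacid' => 19,
    'vitaminb12' => 20, 'vitaminc' => 21, 'vitamind' => 22, 'vitamine' => 23,
    'vitamink' => 24, 'calcium' => 25, 'phosphorus' => 26, 'iron' => 27,
    'iodine' => 28, 'magnesium' => 29, 'zinc' => 30, 'copper' => 31,
    'potassium' => 32, 'sodium' => 33, 'manganese' => 34, 'selenium' => 35,
    'fluoride' => 36, 'molybdenum' => 37, 'chromium' => 38, 'chloride' => 39,
);

/** Soft-delete actions: action -> (table, flag column set to '0', id column matched against POST id). */
$SOFT_DELETE = array(
    'deldisease'      => array('disease',      'status',        'diseaseid'),
    'delfood'         => array('food',         'status',        'foodid'),
    'delfoodcategory' => array('foodcategory', 'status',        'categoryid'),
    'delnotice'       => array('notice',       'noticeflag',    'noticeid'),
    'delnoticetype'   => array('noticetype',   'noticestatus',  'noticetypeid'),
    'delproduct'      => array('product',      'productstatus', 'productid'),
    'deluser'         => array('userdata',     'userstatus',    'user_pk_id'),
);

/** Single-row lookups by GET id: action -> (JSON key, table, id column, columns in output order). */
$LOOKUPS = array(
    'listfoodtype'       => array('efoodtype',   'foodcategory', 'categoryid',   array('categoryid', 'categoryname', 'description')),
    'listfood'           => array('efood',       'food',         'foodid',       array_merge(array('foodid'), array_keys($FOOD_FIELD_INDEX))),
    'listdisease'        => array('edisease',    'disease',      'diseaseid',    array('diseaseid', 'diseasename', 'description')),
    'listeditnoticetype' => array('enoticetype', 'noticetype',   'noticetypeid', array('noticetypeid', 'noticetypename')),
    'listeditproduct'    => array('eproduct',    'product',      'productid',    array('productid', 'productname', 'productdetail', 'productimage')),
    'listnotice'         => array('enotice',     'notice',       'noticeid',     array('noticeid', 'noticehead', 'noticecontent', 'noticepic', 'noticetypeid')),
    'listuser'           => array('vuser',       'userdata',     'user_pk_id',   array('userid', 'username', 'usersname', 'address', 'mobile', 'sex', 'email', 'tel')),
);

/**
 * Escape a value for use inside a single-quoted SQL literal on $link.
 * Non-string scalars are stringified first; arrays never reach this (see req_value()).
 */
function db_escape($value)
{
    global $link;
    return mysql_real_escape_string((string) $value, $link);
}

/**
 * Run $sql on $link and return its result (resource for SELECT, true otherwise).
 * A driver error is logged server-side and answered with a bare 500 so the
 * client never sees mysql_error() text; the previous code ignored the return value.
 */
function db_query($sql)
{
    global $link;
    $result = mysql_query($sql, $link);
    if ($result === false) {
        error_log('ob action failed: ' . mysql_error($link));
        header('HTTP/1.1 500 Internal Server Error');
        exit;
    }
    return $result;
}

/** Scalar request value from $source ($_POST/$_GET/$_SERVER); '' when absent or not a scalar. */
function req_value(array $source, $key)
{
    return (isset($source[$key]) && is_scalar($source[$key])) ? (string) $source[$key] : '';
}

/** $_POST['fields'][$index]['value'] — the serialised-form layout several UI forms post — or '' when absent. */
function req_field($index)
{
    return (isset($_POST['fields'][$index]['value']) && is_scalar($_POST['fields'][$index]['value']))
        ? (string) $_POST['fields'][$index]['value']
        : '';
}

/** Answer 401 and stop unless ob-login has recorded a user id in the session. */
function require_login()
{
    if (!isset($_SESSION['obuserid']) || $_SESSION['obuserid'] === '') {
        header('HTTP/1.1 401 Unauthorized');
        exit;
    }
}

/**
 * Fetch the first row of $sql and emit {"$key":[{column: value, ...}]} with the
 * columns in $columns order. A missing row yields null values instead of
 * notices, keeping the one-element array shape the UI reads.
 */
function emit_row_json($key, $sql, array $columns)
{
    $result = db_query($sql);
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $picked = array();
    foreach ($columns as $column) {
        $picked[$column] = ($row !== false && isset($row[$column])) ? $row[$column] : null;
    }
    mysql_free_result($result);
    header('Content-Type: application/json');
    echo json_encode(array($key => array($picked)));
}

/**
 * Move the file posted as $inputName into $destDir under a server-generated
 * name and return that name, or '' when nothing usable was uploaded.
 *
 * Only the extension of the client-supplied name is used, and only when it is
 * in $allowedExtensions, so neither a path in the name nor a script extension
 * can decide where or as what the file lands. '' is also returned when the
 * move fails, so no DB row ever references a file that is not on disk.
 */
function store_uploaded_image($inputName, $destDir)
{
    if (!isset($_FILES[$inputName]) || !is_array($_FILES[$inputName])) {
        return '';
    }
    $file = $_FILES[$inputName];
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] <= 0 || !is_uploaded_file($file['tmp_name'])) {
        return '';
    }
    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
    $extension = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($extension, $allowedExtensions, true)) {
        return '';
    }
    // Extension check only; add a content check (getimagesize/finfo) if the image directories are ever served by a script-capable handler.
    $storedName = sha1(uniqid(mt_rand(), true)) . '.' . $extension;
    $destination = rtrim($destDir, '/') . '/' . $storedName;
    return move_uploaded_file($file['tmp_name'], $destination) ? $storedName : '';
}

$action = isset($_POST['action']) ? req_value($_POST, 'action') : req_value($_GET, 'action');
if ($action !== 'ob-login') {
    require_login();
}
$redirect = null; // set by cases that end with a Location header; sent after the connection is closed

switch ($action) {
    case 'ob-login':
        $obname = req_value($_POST, 'ob-name');
        $obpass = req_value($_POST, 'ob-pass');
        $ipaddress = req_value($_SERVER, 'REMOTE_ADDR');
        // PASSWORD() is MySQL's legacy hash; kept because the stored values depend on it.
        $result = db_query("SELECT userid,usertype FROM userdata WHERE userid = '" . db_escape($obname)
            . "' AND password = PASSWORD('" . db_escape($obpass) . "') AND usertype IN ('2','3','4') AND userstatus = '1'");
        if (mysql_num_rows($result) === 1) {
            $row = mysql_fetch_array($result);
            // Fresh session id on privilege change so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['obuserid'] = $row[0];
            $_SESSION['obusertype'] = $row[1];
            db_query("INSERT INTO userlog (userid,logdatetime,ipaddress) VALUES ('" . db_escape($row[0]) . "',NOW(),'" . db_escape($ipaddress) . "')");
        }
        mysql_free_result($result);
        $redirect = 'index.php';
        break;

    case 'listprofile':
        emit_row_json(
            'euserprofile',
            "SELECT username, usersname, address, email, tel, mobile FROM userdata WHERE userid = '" . db_escape($_SESSION['obuserid']) . "' AND userstatus = '1'",
            array('username', 'usersname', 'address', 'tel', 'mobile', 'email')
        );
        break;

    case 'editprofile':
        $assignments = "username='" . db_escape(req_value($_POST, 'efname')) . "'"
            . ",usersname='" . db_escape(req_value($_POST, 'elname')) . "'"
            . ",address='" . db_escape(req_value($_POST, 'eaddress')) . "'"
            . ",email='" . db_escape(req_value($_POST, 'eemail')) . "'"
            . ",tel='" . db_escape(req_value($_POST, 'etel')) . "'"
            . ",mobile='" . db_escape(req_value($_POST, 'emobile')) . "'";
        $newPassword = req_value($_POST, 'euserpassword');
        if ($newPassword !== '') {
            // `password` is the column ob-login checks and adduserprofile fills; the previous statement wrote `userpassword`, which never affected login.
            $assignments .= ",password = PASSWORD('" . db_escape($newPassword) . "')";
        }
        db_query("UPDATE userdata SET $assignments WHERE userid='" . db_escape($_SESSION['obuserid']) . "'");
        break;

    case 'listnoticetype':
        $result = db_query("SELECT noticetypeid, noticetypename FROM noticetype WHERE noticestatus = '1' ORDER BY noticetypeid DESC");
        $options = '';
        while ($row = mysql_fetch_array($result)) {
            // Type names are admin-entered text landing inside markup, so they are HTML-escaped.
            $options .= '<option value="' . htmlspecialchars($row[0], ENT_QUOTES, $HTML_CHARSET) . '">'
                . htmlspecialchars($row[1], ENT_QUOTES, $HTML_CHARSET) . '</option>';
        }
        mysql_free_result($result);
        echo $options;
        break;

    case 'addfood':
        $columns = array();
        $values = array();
        foreach ($FOOD_FIELD_INDEX as $column => $index) {
            $columns[] = $column;
            $values[] = "'" . db_escape(req_field($index)) . "'";
        }
        // The previous statement inserted an undefined $vitaminb for vitaminb6 and echoed $_POST into the response.
        db_query('INSERT INTO food (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')');
        break;

    case 'addnews':
        $picture = store_uploaded_image('addnewspic', '../newsimages');
        $columns = 'noticehead,noticecontent,noticedatetime,noticetypeid';
        $values = "'" . db_escape(req_value($_POST, 'noticehead')) . "','" . db_escape(req_value($_POST, 'noticecontent'))
            . "',now(),'" . db_escape(req_value($_POST, 'noticetypeid')) . "'";
        if ($picture !== '') {
            $columns .= ',noticepic';
            $values .= ",'" . db_escape($picture) . "'";
        }
        db_query("INSERT INTO notice ($columns) VALUES ($values)");
        break;

    case 'addnoticetype':
        db_query("INSERT INTO noticetype (noticetypename) VALUES ('" . db_escape(req_field(0)) . "')");
        break;

    case 'addfoodtype':
        db_query("INSERT INTO foodcategory (categoryname,description) VALUES ('" . db_escape(req_field(0)) . "','" . db_escape(req_field(1)) . "')");
        break;

    case 'adddisease':
        db_query("INSERT INTO disease (diseasename,description) VALUES ('" . db_escape(req_field(0)) . "','" . db_escape(req_field(1)) . "')");
        break;

    case 'addproduct':
        $picture = store_uploaded_image('addproductpic', '../productimages');
        $columns = 'productname,productdetail,productdate';
        $values = "'" . db_escape(req_value($_POST, 'productname')) . "','" . db_escape(req_value($_POST, 'productdetail')) . "',now()";
        if ($picture !== '') {
            $columns .= ',productimage';
            $values .= ",'" . db_escape($picture) . "'";
        }
        db_query("INSERT INTO product ($columns) VALUES ($values)");
        break;

    case 'deldisease':
    case 'delfood':
    case 'delfoodcategory':
    case 'delnotice':
    case 'delnoticetype':
    case 'delproduct':
    case 'deluser':
        list($table, $flagColumn, $idColumn) = $SOFT_DELETE[$action];
        db_query("UPDATE `$table` SET `$flagColumn`='0' WHERE `$idColumn`='" . db_escape(req_value($_POST, 'id')) . "'");
        break;

    case 'listfoodtype':
    case 'listfood':
    case 'listdisease':
    case 'listeditnoticetype':
    case 'listeditproduct':
    case 'listnotice':
    case 'listuser':
        list($key, $table, $idColumn, $columns) = $LOOKUPS[$action];
        emit_row_json(
            $key,
            'SELECT ' . implode(', ', $columns) . " FROM `$table` WHERE `$idColumn` = '" . db_escape(req_value($_GET, 'id')) . "'",
            $columns
        );
        break;

    case 'updatefoodtype':
        db_query("UPDATE `foodcategory` SET `categoryname`='" . db_escape(req_field(0)) . "',`description`='" . db_escape(req_field(1))
            . "' WHERE `categoryid`='" . db_escape(req_field(2)) . "'");
        break;

    case 'updatedisease':
        db_query("UPDATE `disease` SET `diseasename`='" . db_escape(req_field(0)) . "',`description`='" . db_escape(req_field(1))
            . "' WHERE `diseaseid`='" . db_escape(req_field(2)) . "'");
        break;

    case 'updatefood':
        $assignments = array();
        foreach ($FOOD_FIELD_INDEX as $column => $index) {
            $assignments[] = "`$column`='" . db_escape(req_field($index)) . "'";
        }
        // Field 40 carries the row id. The previous statement also appended a stray newline to the chloride value.
        db_query('UPDATE `food` SET ' . implode(',', $assignments) . " WHERE `foodid`='" . db_escape(req_field(40)) . "'");
        break;

    case 'adduserprofile':
        // NOTE(review): every account is created with the same fixed password; the form's npassword was deliberately
        // commented out upstream, so the value is kept, but accounts created here should be forced through a reset.
        $npassword = 'password';
        db_query("INSERT INTO `userdata` (`userid`, `password`, `username`, `usersname`, `address`, `email`, `tel`, `mobile`, `sex`, `usertype`) VALUES ("
            . "'" . db_escape(req_value($_POST, 'nuserid')) . "', PASSWORD('" . db_escape($npassword) . "'), "
            . "'" . db_escape(req_value($_POST, 'nfname')) . "', '" . db_escape(req_value($_POST, 'nlname')) . "', "
            . "'" . db_escape(req_value($_POST, 'naddress')) . "', '" . db_escape(req_value($_POST, 'nemail')) . "', " // previously read the undefined $nemai
            . "'" . db_escape(req_value($_POST, 'ntel')) . "', '" . db_escape(req_value($_POST, 'nmobile')) . "', "
            . "'" . db_escape(req_value($_POST, 'nsex')) . "', '" . db_escape(req_value($_POST, 'ntype')) . "')");
        break;

    case 'updatenoticetype':
        db_query("UPDATE `noticetype` SET `noticetypename`='" . db_escape(req_field(0)) . "' WHERE `noticetypeid`='" . db_escape(req_field(1)) . "'");
        break;

    case 'savediseasefood':
        $diseaseId = req_value($_POST, 'diseaseid');
        db_query("DELETE FROM diseasefood WHERE diseaseid = '" . db_escape($diseaseId) . "'");
        $result = db_query('SELECT Max(foodid) FROM food');
        $row = mysql_fetch_array($result);
        $maxFoodId = ($row !== false) ? (int) $row[0] : 0;
        mysql_free_result($result);
        // The form posts one rdfood_<foodid> / rddis_<foodid> pair per selected food; ids beyond the current maximum are ignored.
        for ($foodId = 1; $foodId <= $maxFoodId; $foodId++) {
            if (!isset($_POST['rdfood_' . $foodId])) {
                continue;
            }
            db_query("INSERT INTO diseasefood (diseaseid,foodid,foodtype,description) VALUES ('" . db_escape($diseaseId) . "','" . $foodId
                . "','" . db_escape(req_value($_POST, 'rdfood_' . $foodId)) . "','" . db_escape(req_value($_POST, 'rddis_' . $foodId)) . "')");
        }
        $redirect = 'index.php';
        break;

    default:
        // Unknown or missing action; previously this fell through silently with a 200.
        header('HTTP/1.1 400 Bad Request');
        break;
}

mysql_close($link);
if ($redirect !== null) {
    header('Location: ' . $redirect);
    exit;
}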
